PureFTPd on FreeBSD 8.2
提供:MDWiki
ProFTPd や vsFTPd の他にもあるので、これを使ってみる。
目次 |
インストール
FreeBSD 8.2 release 上での操作を想定する。
root@freebsd# cd /usr/ports/ftp/pure-ftpd
root@freebsd# cat distinfo
SHA256 (pure-ftpd-1.0.32.tar.bz2) = f1b99a9b238c330a3efea03af2f15d56b2447e6028e3b68ce9a2d261c0d520a4
SIZE (pure-ftpd-1.0.32.tar.bz2) = 465149
root@freebsd# cat pkg-descr
Pure-FTPd is a fast, production-quality, standard-conformant FTP server,
based upon Troll-FTPd.
Unlike other popular FTP servers, it's designed to be secure in default
configuration, has no known buffer overflow, it is really trivial to set up
and it is especially designed for modern kernels.
Features include PAM support, IPv6, chroot()ed home directories, virtual
domains, built-in 'ls', anti-warez system, configurable ports for passive
downloads, FXP protocol, bandwidth throttling, ratios, LDAP, customizable
SQL, fortune files, Apache-like log files, fast standalone mode, text / HTML
/ XML real-time status report, virtual users, virtual quotas, privilege
separation and more.
WWW: http://www.pureftpd.org/
root@freebsd# make config
[...]
[X] PAM Support for PAM authentication
[X] PRIVSEP Enable privilege separation
[X] PERUSERLIMITS Per-user concurrency limits
[X] THROTTLING Bandwidth throttling
[X] UTF8 Support for charset conversion
[X] SENDFILE Support for the sendfile syscall
[X] VIRTUALCHROOT Follow symlinks outside a chroot jail
[...]
root@freebsd# make
===> Vulnerability check disabled, database not found
===> License check disabled, port has not defined LICENSE
===> Found saved configuration for pure-ftpd-1.0.32
You can use the following additional options:
WITH_CERTFILE=/path - Set different location of certificate file for TLS
WITH_LANG=lang - Enable compilation of language support, lang is one of
english, german, romanian, french, french-funny, polish, spanish,
danish, dutch, italian, brazilian-portuguese, slovak, korean, swedish,
norwegian, russian, traditional-chinese, simplified-chinese, czech,
turkish, hungarian, catalan
=> pure-ftpd-1.0.32.tar.bz2 doesn't seem to exist in /usr/ports/distfiles/.
=> Attempting to fetch http://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.32.tar.bz2
pure-ftpd-1.0.32.tar.bz2 100% of 454 kB 226 kBps
===> Extracting for pure-ftpd-1.0.32
=> SHA256 Checksum OK for pure-ftpd-1.0.32.tar.bz2.
===> Patching for pure-ftpd-1.0.32
===> pure-ftpd-1.0.32 depends on shared library: iconv.3 - found
===> Configuring for pure-ftpd-1.0.32
checking for a BSD-compatible install... /usr/bin/install -c -o root -g wheel
checking whether build environment is sane... yes
checking for gawk... no
checking for mawk... no
checking for nawk... nawk
[...]
cc -O2 -pipe -fno-strict-aliasing -L/usr/local/lib -o pure-ftpd main.o libpureftpd.a\
../puredb/src/libpuredb_read.a -liconv -liconv -lcrypt -lpam
cc -O2 -pipe -fno-strict-aliasing -L/usr/local/lib -o pure-authd pure-authd.o bsd-getopt_long.o\
fakesnprintf.o mysnprintf.o -liconv -liconv -lcrypt -lpam
Making all in contrib
Making all in man
Making all in pam
Making all in gui
Making all in configuration-file
Making all in m4
root@freebsd# make install clean
===> Installing for pure-ftpd-1.0.32
===> pure-ftpd-1.0.32 depends on file: /usr/local/bin/perl5.12.4 - found
===> pure-ftpd-1.0.32 depends on shared library: iconv.3 - found
===> Generating temporary packing list
===> Checking if ftp/pure-ftpd already installed
Making install in puredb
Making install in src
Making install in src
test -z "/usr/local/bin" || /bin/sh /usr/ports/ftp/pure-ftpd/work/pure-ftpd-1.0.32/install-sh -d "/usr/local/bin"
install -s -o root -g wheel -m 555 'pure-statsdecode' '/usr/local/bin/pure-statsdecode'
install -s -o root -g wheel -m 555 'pure-pw' '/usr/local/bin/pure-pw'
install -s -o root -g wheel -m 555 'pure-pwconvert' '/usr/local/bin/pure-pwconvert'
test -z "/usr/local/sbin" || /bin/sh /usr/ports/ftp/pure-ftpd/work/pure-ftpd-1.0.32/install-sh -d "/usr/local/sbin"
install -s -o root -g wheel -m 555 'pure-ftpd' '/usr/local/sbin/pure-ftpd'
install -s -o root -g wheel -m 555 'pure-mrtginfo' '/usr/local/sbin/pure-mrtginfo'
install -s -o root -g wheel -m 555 'pure-ftpwho' '/usr/local/sbin/pure-ftpwho'
install -s -o root -g wheel -m 555 'pure-uploadscript' '/usr/local/sbin/pure-uploadscript'
install -s -o root -g wheel -m 555 'pure-quotacheck' '/usr/local/sbin/pure-quotacheck'
install -s -o root -g wheel -m 555 'pure-authd' '/usr/local/sbin/pure-authd'
Making install in contrib
Making install in man
test -z "/usr/local/man/man8" || /bin/sh /usr/ports/ftp/pure-ftpd/work/pure-ftpd-1.0.32/install-sh -d "/usr/local/man/man8"
install -o root -g wheel -m 444 './pure-ftpd.8' '/usr/local/man/man8/pure-ftpd.8'
install -o root -g wheel -m 444 './pure-ftpwho.8' '/usr/local/man/man8/pure-ftpwho.8'
install -o root -g wheel -m 444 './pure-mrtginfo.8' '/usr/local/man/man8/pure-mrtginfo.8'
install -o root -g wheel -m 444 './pure-uploadscript.8' '/usr/local/man/man8/pure-uploadscript.8'
install -o root -g wheel -m 444 './pure-statsdecode.8' '/usr/local/man/man8/pure-statsdecode.8'
install -o root -g wheel -m 444 './pure-quotacheck.8' '/usr/local/man/man8/pure-quotacheck.8'
install -o root -g wheel -m 444 './pure-pw.8' '/usr/local/man/man8/pure-pw.8'
install -o root -g wheel -m 444 './pure-pwconvert.8' '/usr/local/man/man8/pure-pwconvert.8'
install -o root -g wheel -m 444 './pure-authd.8' '/usr/local/man/man8/pure-authd.8'
Making install in pam
Making install in gui
Making install in configuration-file
Making install in m4
===> Installing rc.d startup script(s)
install -o root -g wheel -m 444 /usr/ports/ftp/pure-ftpd/work/pure-ftpd-1.0.32/pureftpd-ldap.conf\
/usr/local/etc/pureftpd-ldap.conf.sample
install -o root -g wheel -m 444 /usr/ports/ftp/pure-ftpd/work/pure-ftpd-1.0.32/pureftpd-mysql.conf\
/usr/local/etc/pureftpd-mysql.conf.sample
install -o root -g wheel -m 444 /usr/ports/ftp/pure-ftpd/work/pure-ftpd-1.0.32/pureftpd-pgsql.conf\
/usr/local/etc/pureftpd-pgsql.conf.sample
install -o root -g wheel -m 444 /usr/ports/ftp/pure-ftpd/work/pure-ftpd-1.0.32/configuration-file/pure-ftpd.conf\
/usr/local/etc/pure-ftpd.conf.sample
install -o root -g wheel -m 555 /usr/ports/ftp/pure-ftpd/work/pure-ftpd-1.0.32/configuration-file/pure-config.pl\
/usr/local/sbin/
cd /usr/ports/ftp/pure-ftpd/work/pure-ftpd-1.0.32/contrib && install -o root -g wheel -m 555 xml_python_processors.txt\
pure-stat.pl pure-vpopauth.pl /usr/local/share/examples/pure-ftpd
/bin/mkdir -p /usr/local/share/examples/pure-ftpd/pam
install -o root -g wheel -m 444 /usr/ports/ftp/pure-ftpd/files/pam.conf.5 /usr/local/share/examples/pure-ftpd/pam/pure-ftpd
install -o root -g wheel -m 444 /usr/ports/ftp/pure-ftpd/work/pure-ftpd-1.0.32/AUTHORS /usr/local/share/doc/pure-ftpd
install -o root -g wheel -m 444 /usr/ports/ftp/pure-ftpd/work/pure-ftpd-1.0.32/CONTACT /usr/local/share/doc/pure-ftpd
install -o root -g wheel -m 444 /usr/ports/ftp/pure-ftpd/work/pure-ftpd-1.0.32/COPYING /usr/local/share/doc/pure-ftpd
install -o root -g wheel -m 444 /usr/ports/ftp/pure-ftpd/work/pure-ftpd-1.0.32/HISTORY /usr/local/share/doc/pure-ftpd
install -o root -g wheel -m 444 /usr/ports/ftp/pure-ftpd/work/pure-ftpd-1.0.32/NEWS /usr/local/share/doc/pure-ftpd
install -o root -g wheel -m 444 /usr/ports/ftp/pure-ftpd/work/pure-ftpd-1.0.32/README /usr/local/share/doc/pure-ftpd
install -o root -g wheel -m 444 /usr/ports/ftp/pure-ftpd/work/pure-ftpd-1.0.32/README.Configuration-File /usr/local/share/doc/pure-ftpd
install -o root -g wheel -m 444 /usr/ports/ftp/pure-ftpd/work/pure-ftpd-1.0.32/README.Contrib /usr/local/share/doc/pure-ftpd
install -o root -g wheel -m 444 /usr/ports/ftp/pure-ftpd/work/pure-ftpd-1.0.32/README.LDAP /usr/local/share/doc/pure-ftpd
install -o root -g wheel -m 444 /usr/ports/ftp/pure-ftpd/work/pure-ftpd-1.0.32/README.MySQL /usr/local/share/doc/pure-ftpd
install -o root -g wheel -m 444 /usr/ports/ftp/pure-ftpd/work/pure-ftpd-1.0.32/README.PGSQL /usr/local/share/doc/pure-ftpd
install -o root -g wheel -m 444 /usr/ports/ftp/pure-ftpd/work/pure-ftpd-1.0.32/README.Virtual-Users /usr/local/share/doc/pure-ftpd
install -o root -g wheel -m 444 /usr/ports/ftp/pure-ftpd/work/pure-ftpd-1.0.32/README.Authentication-Modules /usr/local/share/doc/pure-ftpd
install -o root -g wheel -m 444 /usr/ports/ftp/pure-ftpd/work/pure-ftpd-1.0.32/THANKS /usr/local/share/doc/pure-ftpd
install -o root -g wheel -m 444 /usr/ports/ftp/pure-ftpd/work/pure-ftpd-1.0.32/pure-ftpd.png /usr/local/share/doc/pure-ftpd
install -o root -g wheel -m 444 /usr/ports/ftp/pure-ftpd/work/pure-ftpd-1.0.32/pureftpd.schema /usr/local/share/doc/pure-ftpd
install -o root -g wheel -m 444 /usr/ports/ftp/pure-ftpd/work/pure-ftpd-1.0.32/README.TLS /usr/local/share/doc/pure-ftpd
Now you need to examine /usr/local/share/examples/pure-ftpd/pam/pure-ftpd
and add the relevant PAM configuration lines to your
/etc/pam.conf file.
If you defined call upload script in pure-ftpd config
define corresponding vars in rc.conf
Without it pure-ftpd will not listen tcp socket - see
FAQ: http://pureftpd.org/FAQ
===> Compressing manual pages for pure-ftpd-1.0.32
===> Registering installation for pure-ftpd-1.0.32
===> SECURITY REPORT:
This port has installed the following files which may act as network
servers and may therefore pose a remote security risk to the system.
/usr/local/sbin/pure-authd
/usr/local/sbin/pure-ftpd
This port has installed the following startup scripts which may cause
these network services to be started at boot time.
/usr/local/etc/rc.d/pure-ftpd
If there are vulnerabilities in these programs there may be a security
risk to the system. FreeBSD makes no guarantee about the security of
ports included in the Ports Collection. Please type 'make deinstall'
to deinstall the port if this is a concern.
For more information, and contact details about the security
status of this software, see the following webpage:
http://www.pureftpd.org/
===> Cleaning for pure-ftpd-1.0.32
root@freebsd#
設定
/usr/local/etc/rc.d/pure-ftpd のスタートアップ・スクリプトは、ディフォールトだと次のとおり。
ちなみに、vi で単純に開くと保存・終了できなくなる (read-only) ので、su している場合は :wq! で強制更新して終了する。
#!/bin/sh
# PROVIDE: pureftpd
# REQUIRE: NETWORKING SERVERS
# BEFORE: DAEMON
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf to enable pure-ftpd:
#
# pureftpd_enable="YES"
#
# For launch uploadscript daemon define
# pureftpd_upload_enable="YES"
# pureftpd_uploadscript="/full/path/to/launch_script"
#
. /etc/rc.subr
name=pureftpd
rcvar=`set_rcvar`
load_rc_config $name
command=/usr/local/sbin/pure-config.pl
command_upload=/usr/local/sbin/pure-uploadscript
pureftpd_uploadscript=${pureftpd_uploadscript:-"/usr/bin/touch"}
pureftpd_config=${pureftpd_config:-"/usr/local/etc/pure-ftpd.conf"}
required_files=${pureftpd_config}
pidfile=/var/run/pure-ftpd.pid
pidfile2=/var/run/pure-uploadscript.pid
procname=pure-ftpd
pureftpd_enable=${pureftpd_enable:-"NO"}
command_args="${pureftpd_config} -g${pidfile}"
command_upload_args="-B -r ${pureftpd_uploadscript}"
start_postcmd=start_postcmd
stop_postcmd=stop_postcmd
start_postcmd()
{
if test -n ${pureftpd_upload_enable:-""} && checkyesno pureftpd_upload_enable; then
echo "Starting ${command_upload}."
${command_upload} ${command_upload_args}
fi
}
stop_postcmd()
{
if test -n ${pureftpd_upload_enable:-""} && checkyesno pureftpd_upload_enable; then
pid=$(check_pidfile ${pidfile2} ${command_upload})
if [ -z ${pid} ]; then
echo "Upload script not running? (check ${pidfile2})."
return 1
fi
echo "Stopping ${command_upload}."
kill -${sig_stop:-TERM} ${pid}
[ $? -ne 0 ] && [ -z "$rc_force" ] && return 1
wait_for_pids ${pid}
fi
}
run_rc_command "$1"
PureFTPd のひとつの特徴として、設定ファイルがないという点を挙げられる。PureFTPd は、コマンドラインオプションで全ての設定を決めて動作させる。そのため、オプションは非常に詳細に用意されている。
参照
起動
super server (inetd) 経由で起動する。FreeBSD を入れた直後は inetd が動いていないので、/etc/inetd.conf を開いて、
ftp stream tcp nowait root /usr/local/sbin/pure-ftpd pure-ftpd
の1行を追加してから、/usr/sbin/inetd を起動する。
root@freebsd# ps auxww [...] root 66931 0.0 0.0 3412 1196 ?? Ss 4:08PM 0:00.00 /usr/sbin/inetd [...]
これだけで FTP は使えるようになる。
それから、/etc/rc.conf には、
pureftpd_enable="YES"
を追加する。
使い方
リンク
- サーバ&ネットワーク運用メモのトップヘ
- メインページへ
